
New Year’s Resolution: be proactive with cybersecurity

This year has been no stranger to the wrath of cyberattacks, with British Airways, HSBC, Yahoo and, the most shocking of them all, Facebook making up just a handful of the victims across the world. The biggest takeaway from 2018 is that businesses ought to be more proactive with their cybersecurity protocols.

That’s not to say that progress hasn’t been made over the years. Encrypting sensitive data became a fundamental priority after the UK government lost 25 million people’s private details on two discs in the post, and the 2017 NotPetya attack has certainly put cybersecurity matters at the forefront of every CEO’s mind.

Richard Horne, a cybersecurity consultant at PwC, rightly said: “NotPetya made all organisations sit up and take notice.”

There’s no doubting the gravity of the 2017 attack, which crippled global institutions like shipping giant Maersk and Ukrainian banks with a previously unseen level of deception. It is because of the severity, sophistication and frequency of data breaches that companies have “woken up” to the need to address their cybersecurity measures.

Roughly 90 per cent of all senior managers working in large businesses stated that cybersecurity was one of their top concerns, and yet Horne believes “most organisations are still trying to get the basics right.” NotPetya was the result of a breach of third-party accounting software, and it spread like wildfire after a series of updates. That appears to be child’s play when considering that businesses are still operating on outdated systems and insecure internet connections.

The solution, believes Paul Harragan, senior cybersecurity specialist at EY, lies with companies and board members putting cyber at their very core and providing sufficient training to prevent potential threats.

He said: “We’re seeing a holistic shift from cyber security strategy as reactive to proactive. The controls [many companies] have in place are very reactive — they only identify what’s already out there.

“We’re noticing a shift to scenario-based testing — identifying scenarios which really could damage the business and testing them to understand how the company reacts.”

Add to this the importance of new data protection laws, most notably GDPR, implemented across the EU in May this year to force companies to reckon with their security failures in a public (or otherwise costly) manner, and it is clear that reactive behaviour is slowly giving way to proactive.

But not fast enough, according to Feng Li, Cass Business School’s chair of information management.

“GDPR has certainly increased awareness of [cyber security] issues, but the effectiveness of it as a tool to deal with some of the emerging issues is still questionable.

“We’re humans. We’re always going to make mistakes. Hackers are always going to look for vulnerabilities,” said Li.

Mistakes may be made, but reaction, and positive reaction in particular, is vital. The new year will herald much change, and cybersecurity ought to be a top priority for the sake of global growth and improvement in both public and private security – digital or otherwise.